{"uuid": "f5c2058b-f379-4b7a-b959-7e701ba2dd0c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-41741", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/15567", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-41741\n\ud83d\udd25 CVSS Score: 7 (cvssV3_1, Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: NGINX Open Source before versions 1.23.2 and 1.22.1, NGINX Open Source Subscription before versions R2 P1 and R1 P1, and NGINX Plus before versions R27 P1 and R26 P1 have a vulnerability in the module ngx_http_mp4_module that might allow a local attacker to corrupt NGINX worker memory, resulting in its termination or potential other impact using a specially crafted audio or video file. The issue affects only NGINX products that are built with the ngx_http_mp4_module, when the mp4 directive is used in the configuration file. Further, the attack is possible only if an attacker can trigger processing of a specially crafted audio or video file with the module ngx_http_mp4_module.\n\ud83d\udccf Published: 2022-10-19T21:20:24.882Z\n\ud83d\udccf Modified: 2025-05-08T18:12:10.565Z\n\ud83d\udd17 References:\n1. https://support.f5.com/csp/article/K81926432\n2. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/\n3. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/\n4. https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/\n5. https://www.debian.org/security/2022/dsa-5281\n6. https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html\n7. https://security.netapp.com/advisory/ntap-20230120-0005/", "creation_timestamp": "2025-05-08T18:24:07.000000Z"}